Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

FVIEIRAS

[Resolvido!] Desafio pra todos - Generic Host Process for Win32 S

Recommended Posts

Bom dia amigos,

 

Seguinte, probleminha chato que não consigo resolver.

De uma hora pra outra, a máquina passou a apresentar vários problemas. Dentre eles estão...

1-Máquina fica lenta

2-Desinstalou o AVG da máquina sozinho

3-Internet não funciona mais, não abrindo mais o Internet Explorer

4-Apresenta erro Generic Host for Win32 Services

 

Acontece o seguinte... A máquina liga, só que logo me aparece o Spybot me perguntando se eu libero ou não 2 itens:

Categoria: Session Manager

Moificação: Valor Apagado

Entrada: BootExecute

Dados Antigos: Autocheck autochk *

 

Categoria: Session Manager

Moificação: Valor Apagado

Entrada: BootExecute

Dados Antigos: Autocheck autochk *

 

Fico dando sempre Negar, porém toda vez que reinicia aparece de novo!

 

Outra coisa, logo em seguida a estas solicitações, aparece na tela a mensagem de erro Generic Host Process for Win32 Services, onde se eu deixo minimizada a mensagem, consigo trabalhar normalmente na máquina, porém se eu clico em Não Enviar para fechar a mensagem, daí começa tudo... não funciona mais nada....

 

Sei que deve ser um malware, que entrou não sei como... mas... alguém tem idéia de como tirar isso...

PS.: De forma alguma pode ser formatada a máquina, pois existem softwares que não temos mais instalado nela!

 

Segue abaixo o log do Hijack:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:59:47, on 4/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\MSSQL7\binn\sqlservr.exe

C:\WINDOWS\Explorer.EXE

C:\apache\mysql\bin\mysqld-nt.exe

c:\apache\APACHE.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\apache\APACHE.EXE

C:\ARQUIV~1\ARQUIV~1\DATADY~1\ACTIVE~1\WEBCAC~1.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe

C:\MSSQL7\Binn\sqlmangr.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\apache\mysql\bin\winmysqladmin.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\taskmgr.exe

C:\FAWAY\LABORATÓRIO\SOFTWARES\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R3 - Default URLSearchHook is missing

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Administrador de servicios.lnk = C:\MSSQL7\Binn\sqlmangr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://200.161.2.14:8080/cab/OCXChecker_6110.cab

O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://underground.thepie.com:8081/activex...sCamControl.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://200.161.2.14:8080/cab/DownloadFile_7000.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA140164-8166-432B-8465-141263014078}: NameServer = 200.229.128.21,200.229.128.18

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\system32\dllcache\mlqm.exe (file missing)

O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WebCacheService - Data Dynamics - C:\ARQUIV~1\ARQUIV~1\DATADY~1\ACTIVE~1\WEBCAC~1.EXE

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! FVIEIRAS

 

<@> Abra o Spybot Search & Destroy!

<@> No menu superior,vá em Modo e selecione a opção Avançado. Confirme!

<@> Clique no botão Ferramentas e depois em Residente.

<@> Desmarque a opção: Ativar "TeaTimer" do Residente. ( Proteção geral das configurações de sistema )

-----------------------------------

<!> Abra o HijackThis --> Clique: Do a system scan only

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

<!> Marque,àcima,estas entradas! --> Clique em Fix checked --> Sim!

-----------------------------------

<@> Baixe: < FixPolicies >

<@> Salve-o no Desktop!

<@> Execute o arquivo FixPolicies.exe,com um duplo-clique.

<@> Clique em Install.

<@> Abra a pasta FixPolicies --> Clique em Fix_policies.cmd

<@> Dê permissão ao reparo,caso seja negada por programas de proteção.

<@> Aguarde o término da verificação!

-----------------------------------

<@> Baixe: < SDFix > ( ...by andymanchesta )

<@> Salve-o no Disco Local-C e,descompacte-o aí mesmo.

<@> Reinicie o computador em Modo de Segurança. <-- Link!

<@> Dê um duplo clique em: < runThis.bat >

 

<!> Caso uma janela abra e feche,repentinamente!

<!> Vá em Iniciar --> Executar --> Digite ou cole: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!

<!> Reinicie o computador e execute,novamente,o SDFix.

<!> Caso não funcione,verifique a variável %comspec%.

<!> Clique direito do mouse,em Meu Computador --> Propriedades --> Avançadas.

<!> Em Variáveis do Ambiente,verifique se a variável ComSpec,tem o seguinte valor para o cmd.exe:

 

<!> Valor: %SystemRoot%\system32\cmd.exe

<@> Aperte o Y.

<@> Aguarde a conclusão!

<@> Terminando,aperte Enter. ( Ou,qualquer tecla!)

<@> O computador será reiniciado!

<@> Aguarde,ainda,a conclusão da limpeza.

<@> Poste os relatórios: Report.txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

 

Segue o Report.txt e depois o hijack. Aparentemente tudo está funcionando normal até agora.

 

 

SDFix: Version 1.240

Run by FABIO on qui 05/02/2009 at 10:48

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

C:\WINDOWS\system32\Microsoft\backup.ftp Found

C:\WINDOWS\system32\Microsoft\backup.tftp Found

 

Checking files:

 

Genuine:

C:\WINDOWS\system32\Microsoft\backup.ftp

C:\WINDOWS\system32\Microsoft\backup.tftp

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Desktop\Error Cleaner.url - Deleted

C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Favoritos\Error Cleaner.url - Deleted

C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Desktop\Privacy Protector.url - Deleted

C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Favoritos\Privacy Protector.url - Deleted

C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Desktop\Spyware&Malware Protection.url - Deleted

C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Favoritos\Spyware&Malware Protection.url - Deleted

C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted

C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-05 11:12:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"="C:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"

"C:\\Arquivos de programas\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Arquivos de programas\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"

"C:\\Arquivos de programas\\AtomPark\\Atomic Email Hunter\\AtomicEmailHunter.exe"="C:\\Arquivos de programas\\AtomPark\\Atomic Email Hunter\\AtomicEmailHunter.exe:*:Enabled:Atomic Email Hunter"

"C:\\Arquivos de programas\\AtomPark\\Atomic Mail Sender\\AtomicMailSender.exe"="C:\\Arquivos de programas\\AtomPark\\Atomic Mail Sender\\AtomicMailSender.exe:*:Enabled:Atomic Mail Sender"

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"C:\\Arquivos de programas\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Arquivos de programas\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Arquivos de programas\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Arquivos de programas\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Arquivos de programas\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Arquivos de programas\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"="C:\\Arquivos de programas\\UltraVNC\\vncviewer.exe:*:Enabled:vncviewer.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Arquivos de programas\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Arquivos de programas\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Arquivos de programas\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Arquivos de programas\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Arquivos de programas\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 6 Jun 2007 660,992 A..H. --- "C:\WINDOWS\system32\d3dinf.dll"

Thu 1 Feb 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Dados de aplicativos\Microsoft\Word\~WRL0143.tmp"

Thu 1 Feb 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Dados de aplicativos\Microsoft\Word\~WRL0534.tmp"

Sat 27 Jan 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Dados de aplicativos\Microsoft\Word\~WRL3106.tmp"

Sat 27 Jan 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Dados de aplicativos\Microsoft\Word\~WRL3444.tmp"

Thu 1 Feb 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Dados de aplicativos\Microsoft\Word\~WRL3805.tmp"

Tue 3 Jul 2007 85,926 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT1.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT162.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT163.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT164.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT165.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT166.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT167.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT168.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT169.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT16A.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT16B.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT16C.tmp"

Tue 3 Jul 2007 85,926 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT16D.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT16E.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT16F.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT170.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT171.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT177.tmp"

Wed 4 Jul 2007 85,926 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT178.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT179.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT17A.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT17B.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT17C.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT17D.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT17E.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT17F.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT180.tmp"

Wed 4 Jul 2007 85,926 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT181.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT182.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT183.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT184.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT185.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT186.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT187.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT188.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT189.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT18A.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT18B.tmp"

Wed 4 Jul 2007 85,926 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT18C.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT18D.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT18E.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT191.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT192.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT193.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT1F3.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT1F8.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT1F9.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT1FA.tmp"

Tue 3 Jul 2007 85,926 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT1FB.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT2.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT3.tmp"

Tue 3 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT4.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT5.tmp"

Wed 4 Jul 2007 0 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\BACKUP\Configura‡äes locais\Temp\BIT6.tmp"

Sun 18 Jul 2004 29,696 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\~WRL0001.tmp"

Thu 15 Nov 2007 47,104 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\~WRL3284.tmp"

Mon 19 Jul 2004 30,208 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\~WRL3912.tmp"

Sat 21 Jan 2006 4,348 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\Minha m£sica\Backup de Licen‡a\drmv1key.bak"

Tue 25 Mar 1980 782 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\Minha m£sica\Backup de Licen‡a\drmv1lic.bak"

Tue 25 Mar 1980 312 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\Minha m£sica\Backup de Licen‡a\drmv2key.bak"

Tue 25 Mar 1980 1,536 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\Minha m£sica\Backup de Licen‡a\drmv2lic.bak"

Sat 4 Dec 2004 33,280 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Adm. RH\~WRL0325.tmp"

Sat 4 Dec 2004 33,280 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Adm. RH\~WRL0674.tmp"

Sat 4 Dec 2004 33,280 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Adm. RH\~WRL2315.tmp"

Sat 4 Dec 2004 33,792 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Adm. RH\~WRL2943.tmp"

Sat 4 Dec 2004 33,280 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Adm. RH\~WRL3316.tmp"

Tue 21 Sep 2004 42,496 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Estatistica\~WRL0286.tmp"

Tue 21 Sep 2004 39,936 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Estatistica\~WRL1071.tmp"

Tue 21 Sep 2004 141,824 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Estatistica\~WRL1186.tmp"

Tue 21 Sep 2004 39,936 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Estatistica\~WRL3147.tmp"

Mon 20 Sep 2004 35,840 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\Estatistica\~WRL3534.tmp"

Wed 1 Dec 2004 114,688 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\tica\~WRL0761.tmp"

Wed 1 Dec 2004 112,640 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\tica\~WRL0786.tmp"

Wed 1 Dec 2004 110,592 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\tica\~WRL0889.tmp"

Wed 1 Dec 2004 104,960 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\tica\~WRL3191.tmp"

Thu 25 Nov 2004 87,552 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CARCIA\Trabalhos da Faculdade\tica\~WRL3379.tmp"

Sun 17 Feb 1980 37,376 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0001.tmp"

Fri 15 Feb 1980 31,232 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0002.tmp"

Fri 15 Feb 1980 30,720 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0004.tmp"

Sun 17 Feb 1980 35,840 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0005.tmp"

Sun 17 Feb 1980 36,864 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0006.tmp"

Fri 15 Feb 1980 33,792 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0187.tmp"

Tue 25 Mar 1980 84,480 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0349.tmp"

Sun 23 Mar 1980 79,872 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0570.tmp"

Sun 17 Feb 1980 35,840 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL0841.tmp"

Sun 17 Feb 1980 35,328 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL1458.tmp"

Tue 25 Mar 1980 81,920 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL1809.tmp"

Tue 25 Mar 1980 81,920 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL2192.tmp"

Tue 25 Mar 1980 82,944 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL2521.tmp"

Sun 17 Feb 1980 36,352 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL2547.tmp"

Tue 25 Mar 1980 81,920 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL2690.tmp"

Tue 25 Mar 1980 83,456 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL2856.tmp"

Fri 15 Feb 1980 29,184 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL2983.tmp"

Tue 25 Mar 1980 82,432 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL3050.tmp"

Sun 17 Feb 1980 36,864 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL3087.tmp"

Sun 17 Feb 1980 35,328 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL3165.tmp"

Sun 17 Feb 1980 35,328 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL3511.tmp"

Sun 17 Feb 1980 36,864 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL3584.tmp"

Tue 25 Mar 1980 81,920 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL3645.tmp"

Fri 15 Feb 1980 31,744 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL4008.tmp"

Tue 25 Mar 1980 81,920 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\Igreja\Coisas do Sambarcanjo\~WRL4076.tmp"

Tue 15 Feb 2005 29,696 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\FORMATURA\~WRL0001.tmp"

Wed 16 Feb 2005 29,696 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\FORMATURA\~WRL0005.tmp"

Wed 16 Feb 2005 29,696 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\FORMATURA\~WRL1702.tmp"

Wed 16 Feb 2005 29,696 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\FORMATURA\~WRL1793.tmp"

Wed 16 Feb 2005 29,696 A..H. --- "C:\Documents and Settings\FABIO\Meus documentos\bk\Meus Documentos\CLEBMAR\UNISA Trabalhos e Pesquisas\FORMATURA\~WRL2389.tmp"

 

Finished!

 

 

 

 

HIJACK

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:28:39, on 5/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\MSSQL7\binn\sqlservr.exe

C:\apache\mysql\bin\mysqld-nt.exe

c:\apache\APACHE.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\ARQUIV~1\DATADY~1\ACTIVE~1\WEBCAC~1.EXE

c:\apache\APACHE.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\MSSQL7\Binn\sqlmangr.exe

C:\apache\mysql\bin\winmysqladmin.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\mdm.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\FAWAY\LABORATÓRIO\SOFTWARES\Segurança\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R3 - Default URLSearchHook is missing

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Administrador de servicios.lnk = C:\MSSQL7\Binn\sqlmangr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://200.161.2.14:8080/cab/OCXChecker_6110.cab

O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://underground.thepie.com:8081/activex...sCamControl.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://200.161.2.14:8080/cab/DownloadFile_7000.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA140164-8166-432B-8465-141263014078}: NameServer = 200.229.128.21,200.229.128.18

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\system32\dllcache\mlqm.exe (file missing)

O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WebCacheService - Data Dynamics - C:\ARQUIV~1\ARQUIV~1\DATADY~1\ACTIVE~1\WEBCAC~1.EXE

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! FVIERAS

 

<!> Estando tudo Ok,crie um ponto limpo de Restauração do Sistema.

<!> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.

<!> Marque: Desativar Restauração do Sistema --> Aplicar --> Ok.

<!> Depois,desmarque novamente! --> Aplicar --> Ok.

<!> Para maiores detalhes,vá em: < Docs >

-------------------------------

<!> O log está limpo! :thumbsup:

<!> Tudo Ok?

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.